SecuritySkip Navigation
border

Conferences and Events | Online Resources | Programs | Security | Services | Shared Network | Technical Support | Training
About MOREnet | Contact Us | Search | MyMOREnet Login | Collaboration Matrix


Home » Security

Resources for Security Network Services

Interpreting Scan Results — Windows Machines

On most Windows machines, the following ports will be open:

TCP Port UDP Port Service Notes
135 135 Microsoft RPC The Good Net Neighbor service will block this port.
137 137 NETBIOS Name Service The Good Net Neighbor service will block this port.
138 138 NETBIOS Datagram Service The Good Net Neighbor service will block this port.
139 139 NETBIOS Session Service The Good Net Neighbor service will block this port.
445 445 Microsoft Server Message Block (SMB) The Good Net Neighbor service will block this port.
3389 3389 Remote Desktop Protocol (RDP) Windows Terminal Services. Should be restricted to your IP addresses.
1025, 1026, 1027   Related to Microsoft port 135 If GNN is applied, these ports generally stop showing up.

If the machine is a server, the following ports may be open:

TCP Port UDP Port Service Notes
21 21 FTP File Transfer Protocol. Disable if not needed. Also, disable anonymous FTP if not needed. MOREnet Security recommends SFTP instead of plain FTP to the traffic is encrypted.
25 25 SMTP Simple Mail Transfer Protocol. Should be enabled on a server but not on a workstation.
53 53 DNS Domain Name System. Used only if a site is running its own DNS server. If not running a DNS server, stop this service and use MOREnet's DNS servers.
80 80 HTTP HyperText Transfer Protocol. Webserver; things like Apache, Microsoft's Internet Information Server, etc.
110 110 POP3 Post Office Protocol, version 3. Used to POP mail from the machine.
5800 or 5900 5800 or 5900 VNC 5900 is the VNC data port. 5800 is for the HTTP server, unless the user changes these in the config.
8080 8080 HTTP Proxy There are many examples of proxy servers running on this port.

This is not a complete list of ports and services. Your server may have other ports open. For a complete list of ports and associated services, please see one of these locations:

Best Practices for Network Security

  • Don't run unnecessary services.
  • Keep software up to date, with respect to security issues.
  • Restrict access to services via authentication, filters and encryption.
  • Monitor access logs.
  • Properly install and monitor "personal firewall" to detect and contain both incoming and outgoing traffic.
  • Properly install and monitor external firewall as an added layer of protection.
Security Information

2007 Advanced Technical Security Symposium
Security Series Web Seminars
Security Awareness

Services

Blackhole DNS
E-mail Virus and Spam Filtering
Good Net Neighbor Service - Phase 1
Good Net Neighbor Service - Phase 2
Internet Content Filtering
Remote Vulnerability Assessment Service

Incident Response

Incident Response
Online Incident Report

Security Tools and Documents

Security Tools
Security Policies and Presentations

Security Contact Information

E-mail: security@more.net
Phone: 1-800-509-6673
Fax: +1-573-884-7699

 
Spacer Graphic

 
border
Copyright © 2002-2005 MOREnet. All rights reserved. Reviewed May 13, 2005.
Contact security@more.net. DMCA and other copyright information.
Site Information: Copyright, accessibility, privacy and other information about this site.
PageMinder: Receive an e-mail notice when this page updates.

Search MOREnet  Advanced Search